n0fate · jpstotz · Apr 4, 2025
diff --git a/chainbreaker/__init__.py b/chainbreaker/__init__.py
@@ -383,7 +383,7 @@ def _private_key_decryption(self, encryptedblob, iv):
 
         return keyname, keyblob
 
-    # ## Documents : http://www.opensource.apple.com/source/securityd/securityd-55137.1/doc/BLOBFORMAT
+    # ## Documents : https://github.com/apple-opensource/Security/blob/master/securityd/doc/BLOBFORMAT
     def _generate_master_key(self, pw):
         return pbkdf2_hmac('sha1', str.encode(pw), bytearray(self.dbblob.Salt), 1000, dklen=Chainbreaker.KEYLEN)
 
@@ -453,7 +453,7 @@ def _get_private_key_record(self, record_offset):
         if not self.db_key:
             keyname = privatekey = Chainbreaker.KEYCHAIN_LOCKED_SIGNATURE
         else:
-            keyname, privatekey = self._private_key_decryption(record[10], record[9])
+            keyname, privatekey = self._private_key_decryption(record[11], record[10])
         return self.PrivateKeyRecord(
             print_name=record[0],
             label=record[1],
@@ -462,10 +462,11 @@ def _get_private_key_record(self, record_offset):
             key_type=record[4],
             key_size=record[5],
             effective_key_size=record[6],
-            extracted=record[7],
-            cssm_type=record[8],
-            iv=record[9],
-            key=record[10],
+            is_extractable=record[7],
+            is_sensitive=record[8],
+            cssm_type=record[9],
+            iv=record[10],
+            key=record[11],
             key_name=keyname,
             private_key=privatekey,
         )
@@ -492,6 +493,7 @@ def _get_key_record(self, table_name, record_offset):
 
         record_meta = _SECKEY_HEADER(self.kc_buffer[base_addr:base_addr
                                                     + _SECKEY_HEADER.STRUCT.size])
+        print(_SECKEY_HEADER.STRUCT.size)
 
         key_blob = self.kc_buffer[base_addr
                                   + _SECKEY_HEADER.STRUCT.size:base_addr
@@ -508,6 +510,7 @@ def _get_key_record(self, table_name, record_offset):
                 self._get_int(base_addr, record_meta.KeySizeInBits & 0xFFFFFFFE),
                 self._get_int(base_addr, record_meta.EffectiveKeySize & 0xFFFFFFFE),
                 self._get_int(base_addr, record_meta.Extractable & 0xFFFFFFFE),
+                self._get_int(base_addr, record_meta.Sensitive & 0xFFFFFFFE),
                 STD_APPLE_ADDIN_MODULE[
                     self._get_lv(base_addr, record_meta.KeyCreator & 0xFFFFFFFE).decode('utf-8').split('\x00')[0]],
                 iv,
@@ -872,16 +875,17 @@ def file_ext(self):
 
     class PrivateKeyRecord(KeychainRecord):
         def __init__(self, print_name=None, label=None, key_class=None, private=None, key_type=None, key_size=None,
-                     effective_key_size=None, extracted=None, cssm_type=None, key_name=None, private_key=None, iv=None,
-                     key=None):
+                     effective_key_size=None, is_extractable=None, is_sensitive=None, cssm_type=None, key_name=None,
+                     private_key=None, iv=None, key=None):
             self.PrintName = print_name
             self.Label = label
             self.KeyClass = key_class
             self.Private = private
             self.KeyType = key_type
             self.KeySize = key_size
             self.EffectiveKeySize = effective_key_size
-            self.Extracted = extracted
+            self.isExtractable = is_extractable
+            self.isSensitive = is_sensitive
             self.CSSMType = cssm_type
             self.KeyName = key_name
             self.PrivateKey = private_key
@@ -899,7 +903,8 @@ def __str__(self):
             output += ' [-] Key Type: %s\n' % self.KeyType
             output += ' [-] Key Size: %s\n' % self.KeySize
             output += ' [-] Effective Key Size: %s\n' % self.EffectiveKeySize
-            # output += ' [-] Extracted: %s\n' % self.Extracted
+            output += ' [-] isExtractable: %s\n' % self.isExtractable
+            output += ' [-] isSensitive: %s\n' % self.isSensitive
             output += ' [-] CSSM Type: %s\n' % self.CSSMType
             # output += ' [-] KeyName: %s\n' % self.KeyName